I'm trying to create a very simple body check for a limited time to get
an indicative idea of how many users may be sending credit card numbers
via email. I have a simple pcre body_check map that is logging a warning
when it encounters a match. Unfortunately, the entire message line that
triggers the warning is added to the mail log, naturally with the
potential credit card number in plain text.
 
cat /etc/postfix/body_checks.pcre
/\b(?:\d[ -]*){13,16}\b/        WARN Credit card number

Nov 14 11:54:28 smtptest postfix/cleanup[21394]: 98D7015E0091: warning:
body text 1243 1211 1232 1232 blah blah from
localhost.localdomain[127.0.0.1]; from=<[EMAIL PROTECTED]>
to=<test.user@domain.example.com> proto=SMTP
helo=<server.example.com>: Credit card number

Our security people are having wibbles about this logging regime, so I
was wondering if there was some way to ensure the WARN action doesn't
log the matched line (I can obviously append a truncated version of the
apparent number with the optional text), or if there might be a better
way to do this auditing task.

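One way to keep the audit while keeping the numbers out of stored logs, as an added example that is not part of the original post: a Python filter that applies the post's pattern to log lines, replaces each match with its length, last four digits and a Luhn checksum result, and counts the candidates. The function names, the REDACTED token format and the sample lines are assumptions made for this example.

```python
import re

# Pattern copied from the post's body_checks.pcre.
CANDIDATE = re.compile(r"\b(?:\d[ -]*){13,16}\b")

def luhn_ok(digits):
    """Luhn checksum; most digit runs that are not card numbers fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def _mask(m):
    raw = m.group()
    core = raw.rstrip(" -")  # the pattern can swallow trailing separators
    digits = re.sub(r"[ -]", "", core)
    tag = "luhn-ok" if luhn_ok(digits) else "luhn-fail"
    return f"[REDACTED len={len(digits)} last4={digits[-4:]} {tag}]{raw[len(core):]}"

def scrub(line):
    """Replace every candidate number in a log line with a masked token."""
    return CANDIDATE.sub(_mask, line)

def audit(lines):
    """Return (scrubbed lines, candidate count, Luhn-valid count)."""
    out, hits, valid = [], 0, 0
    for line in lines:
        for m in CANDIDATE.finditer(line):
            hits += 1
            valid += luhn_ok(re.sub(r"[ -]", "", m.group()))
        out.append(scrub(line))
    return out, hits, valid

# Constructed sample lines in the shape of the warning quoted in the post.
SAMPLE = [
    "Nov 14 11:54:28 smtptest postfix/cleanup[21394]: 98D7015E0091: warning: "
    "body text 1243 1211 1232 1232 blah blah from localhost.localdomain[127.0.0.1]: Credit card number",
    "Nov 14 11:55:02 smtptest postfix/cleanup[21394]: A1B2C3D4E5F6: warning: "
    "body text card 4111-1111-1111-1111 from localhost.localdomain[127.0.0.1]: Credit card number",
]

if __name__ == "__main__":
    scrubbed, hits, valid = audit(SAMPLE)
    print("\n".join(scrubbed))
    print(f"candidates={hits} luhn_valid={valid}")
```

The filter only helps if it runs before the lines are written or forwarded, for example as a stage in the syslog pipeline. The Luhn count separates likely card numbers from other digit runs such as the sample in the post, which fails the checksum.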